#!/bin/bash
# SPDX-License-Identifier: MulanPSL-2.0+
# Copyright (c) 2020 Huawei Technologies Co., Ltd. All rights reserved.

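# Find the interface that carries outbound traffic. 1.2.3.4 is only a lookup
# key for the routing table; `ip route get` sends nothing on the wire.
# Take the token that follows "dev" rather than a fixed column: when the
# route has no "via <gateway>" pair, the fifth field is not the device name.
PUB_IFACE=$(ip route get 1.2.3.4 | awk '{for (i = 1; i < NF; i++) if ($i == "dev") {print $(i + 1); exit}}')
BR0_IFACE=br0

BR0_SUBNET=172.18.0.0/16

# Append a rule to nat/POSTROUTING unless an identical rule already exists,
# so that re-running this script does not pile up duplicate NAT entries.
# Arguments: the rule specification, passed through to iptables unchanged.
nat_postrouting_once() {
	iptables -t nat -C POSTROUTING "$@" 2>/dev/null ||
		iptables -t nat -A POSTROUTING "$@"
}

# iptables -t nat -F
# (flush left disabled by the author; presumably because it would also wipe
# NAT rules owned by other services on this host -- confirm before enabling)

# NOTE(review): this is an unconditional ACCEPT placed ahead of every other
# FORWARD rule, so any filtering that sits later in the chain no longer
# applies to routed traffic, whatever its source or destination. If the host
# only needs to route for $BR0_IFACE, scoping the rule to that interface or
# to $BR0_SUBNET would keep the rest of the forwarding policy in force --
# confirm what depends on the blanket rule before narrowing it.
# The rule is re-inserted only when it is not already first in the chain,
# which keeps repeated runs from stacking identical entries.
if [ "$(iptables -S FORWARD 1 2>/dev/null)" != "-A FORWARD -j ACCEPT" ]; then
	iptables -I FORWARD 1 -j ACCEPT
fi

# Source-NAT bridge traffic that leaves through the outbound interface.
# With no interface detected the rule cannot be expressed, so it is skipped
# with a diagnostic instead of handing iptables an empty -o argument.
if [ -n "$PUB_IFACE" ]; then
	nat_postrouting_once -o "$PUB_IFACE" -s "$BR0_SUBNET" -j MASQUERADE
else
	echo "warning: no outbound interface found; skipping MASQUERADE for $BR0_SUBNET" >&2
fi

# Masquerade traffic delivered into the bridge subnet as well. Hosts on the
# bridge then see the address of $BR0_IFACE as the sender, so their logs will
# not show the original source of such connections.
nat_postrouting_once -o "$BR0_IFACE" -d "$BR0_SUBNET" -j MASQUERADE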

# The remaining steps only concern firewalld. Stop here, reporting success,
# when the firewall-cmd client is not installed.
if ! command -v firewall-cmd > /dev/null; then
	exit 0
fi

# Likewise stop when the firewalld service is installed but not running.
firewalld_state=$(systemctl is-active firewalld)
if [[ "$firewalld_state" != "active" ]]; then
	exit 0
fi

DOCKER0_SUBNET=172.17.0.0/16

# Admit traffic from the listed sources into the "public" zone. Each rich
# rule names only a source and "accept", so it is not limited to a port,
# protocol or service. No --permanent flag is given: the rules change the
# runtime configuration only and are gone after a firewalld reload/restart.
# 0.0.0.0/32 matches packets sent from the unspecified address -- presumably
# DHCP requests from clients that have no lease yet; confirm.
for trusted_src in "$DOCKER0_SUBNET" "$BR0_SUBNET" 0.0.0.0/32; do
	firewall-cmd --zone=public --add-rich-rule="rule family=ipv4 source address=$trusted_src accept"
done

# Enable masquerading for the public zone (runtime only, as above).
firewall-cmd --zone=public --add-masquerade
